[Cryptography] Maybe those million-bit-key cryptosystems have something to offer after all....
Jerry Leichter
leichter at lrw.com
Sat Jul 28 07:05:44 EDT 2018
A common theme of amateurish or over-hyped cryptosystems - at least a couple of years back; this seems to have faded - was the use of super-long keys for "higher security". Realistically, all a longer key gives you is security against brute force attack, and 256 bits is already way beyond anything that can be attacked by any foreseeable technology. And yet....
Consider https://arstechnica.com/gadgets/2018/07/new-spectre-attack-enables-secrets-to-be-leaked-over-a-network/ (contains link to the technical paper) which describes a Spectre-like attack that can be carried out over a network, without downloading any code to the system under attack. It's one of a class of slow side-channel attacks - very slow; 1-3 bits per hour attacking a system in the Google Cloud over the Internet. (They got it up to a bit per minute over a local network.)
There are very few secrets worth stealing at these rates. Except, of course, for keys. Keys serve as information concentrators: Leak 256 bits and in the right circumstances you've effectively leaked Gigabytes.
A workaround would be to stretch a 256-bit key in memory however long you want it - e.g., store each bit as the parity of a(n almost) random 64-bit value. But to use any standard AES implementation, you need to synthesize the 256-bit form - and it can then be leaked. An implementation that pulled in one bit at a time might be possible, though likely impossibly slow.
-- Jerry
With at least half a :-)
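The parity-stretching workaround sketched above, as an added example that is not part of the original post: a 256-bit key is stored as 256 random 64-bit words whose parities are the key bits, and is only collapsed back to its compact form at the moment of use. The function names and the leak-accounting helper are my own, not anything from the paper or the thread.

```python
import os

WORD_BITS = 64          # each key bit hides in the parity of one 64-bit word
KEY_BITS = 256
WORD_MASK = (1 << WORD_BITS) - 1


def parity(word: int) -> int:
    """XOR of all bits of a word: 1 if an odd number of bits are set."""
    return bin(word).count("1") & 1


def stretch_key(key: bytes, rng=os.urandom) -> list:
    """Expand a 32-byte key into 256 random 64-bit words, word i having parity == key bit i."""
    if len(key) * 8 != KEY_BITS:
        raise ValueError("expected a 256-bit key")
    words = []
    for byte in key:
        for i in range(8):                     # MSB first within each byte
            bit = (byte >> (7 - i)) & 1
            w = int.from_bytes(rng(WORD_BITS // 8), "big")
            if parity(w) != bit:               # fix the parity by flipping one bit
                w ^= 1
            words.append(w)
    return words


def collapse_key(words: list) -> bytes:
    """Rebuild the compact 256-bit key; this is the moment the short form exists in memory."""
    if len(words) != KEY_BITS:
        raise ValueError("expected 256 stretched words")
    out = bytearray()
    for i in range(0, KEY_BITS, 8):
        byte = 0
        for w in words[i:i + 8]:
            byte = (byte << 1) | parity(w)
        out.append(byte)
    return bytes(out)


def key_bits_recoverable(words: list, known_masks: list) -> int:
    """Count key bits an observer learns given, per word, a mask of the bits they have leaked.

    Parity is undetermined while any bit of the word is unknown (both completions are
    equally likely), so a key bit is recovered only when the whole word has leaked.
    That is the 64x cost multiplier against a bits-per-hour side channel.
    """
    return sum(1 for m in known_masks if m & WORD_MASK == WORD_MASK)
```

Collapsing only inside the call that needs the key, and discarding the result immediately afterwards, keeps the short form's lifetime to the window the post describes; the stretched words can live as long as the process does.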